Server authentication flow?

Question

question

grahamwatson asked Aug 4, '17

Server authentication flow?

Hi,

I've read https://api.playfab.com/documentation/server/method/AuthenticateSessionTicket, but I'm wondering if you can advise on recommended flow for this call?

I am currently thinking that I need to send the auth ticket from my client to my server as part of the initial session joining handshake, then have the server call AuthenticateSessionTicket before deciding whether to accept or reject the connection. If it accepts, then the server should store the PlayFabId from the response, so that it can use it in future server API calls such as UpdatePlayerStatistics. If it rejects, the server should boot the player from the session, and probably log the bad login somewhere.

Is this correct, or am I missing something?

Regards

Graham

Authentication

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2017-08-04T01:54:38Z

brendan answered Aug 4, '17

The first question is, are you using our Matchmaker? If so, you'll actually want to use AuthenticateSessionTicket, since that will tell you whether or not the player legitimately should be joining the session. And that API call returns the player info, which you can save locally for future use.

Otherwise, you'll want to have a way to check with your matchmaker as to whether the player should be there, part of which should indeed be checking the player's session ticket using the API call you mentioned.

But in either case, I would definitely log the activity to your server log file - more info is always better. :)

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question